This is a 'tail -f' implementation for streaming pcap files.
Adds a pcap header at the begining and starts streaming after the first \r\n\r\n
to match with a new bodyless sip packet.
Unfortunately, there is no easy way to match a pcap packet beginning in the middle of a stream: the record packet starts with a timestamp and ends with the data, without any marker or delimitor.
$ captail -h
$ captail dump.pcap | ngrep -qt -W byline -I-
Plain binary tail -f
without any pcap knowledge.